Monday, May 14, 2018

How Serious is the Security Risk of the Newly Discovered “Efail” Encryption Threat?

Colleagues, researchers at Germany’s
KU Leuven, Ruhr University Bochum and Munster University published a new
paper detailing the risk of Efail
to the OpenPGP and S/MIME
encryption standards. OpenPGP,
the commonly employed email encryption method, was originally
derived from the PGP software. S/MIME, by contrast, is based on asymmetric
cryptography to protect your emails from unauthorized access.
Efail enables an attacker to use the target’s own email client to decrypt
previously acquired messages and return the decrypted content to the attacker.
Efail is a plaintext-recovery attack on email standards, as
opposed to network protocols such as TLS, IPsec and SSH. The email apps deemed to be
most at risk include Mozilla Thunderbird, iOS Mail and Apple Mail. Two
mitigation techniques have been identified. First, decrypt emails outside of
the primary email client. And second, disable HTML rendering.
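
The second mitigation, sketched as an added example (not code from the original post or from any mail client): a Python function that shows a message as text only and lists the remote URLs an HTML-rendering client would have contacted. The names `plaintext_view` and `SAMPLE` and the sample message are constructed for illustration.

```python
# Added example (not from the original post): view a message with HTML rendering off.
from email import message_from_bytes, policy
from html.parser import HTMLParser

URL_ATTRS = {"src", "href", "background", "poster", "action"}

class _TextAndUrls(HTMLParser):
    """Collects visible text and remote URLs from HTML; never fetches anything."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.text, self.urls, self._skip = [], [], 0
    def handle_starttag(self, tag, attrs):
        self._skip += tag in ("script", "style")
        for name, value in attrs:
            if name in URL_ATTRS and (value or "").lower().startswith(("http:", "https:", "//")):
                self.urls.append(value)
    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip:
            self._skip -= 1
    def handle_data(self, data):
        if not self._skip:
            self.text.append(data)

def plaintext_view(raw: bytes):
    """Return (text, blocked_urls): what a text-only view shows and what it did not load."""
    msg = message_from_bytes(raw, policy=policy.default)
    plain, from_html, blocked = [], [], []
    for part in msg.walk():
        if part.is_multipart() or part.get_content_disposition() == "attachment":
            continue
        if part.get_content_type() == "text/plain":
            plain.append(part.get_content())
        elif part.get_content_type() == "text/html":
            parser = _TextAndUrls()
            parser.feed(part.get_content())
            parser.close()
            from_html.append("".join(parser.text))
            blocked.extend(parser.urls)
    # Prefer the sender's text/plain parts; fall back to tag-stripped HTML text.
    return "\n".join(plain or from_html).strip(), blocked

# Constructed sample message (not real traffic): plain and HTML alternatives.
SAMPLE = (
    b"From: alice@example.org\r\nTo: bob@example.org\r\n"
    b"Subject: constructed sample\r\nMIME-Version: 1.0\r\n"
    b'Content-Type: multipart/alternative; boundary="b1"\r\n\r\n'
    b"--b1\r\nContent-Type: text/plain; charset=utf-8\r\n\r\n"
    b"Quarterly numbers attached.\r\n"
    b"--b1\r\nContent-Type: text/html; charset=utf-8\r\n\r\n"
    b'<p>Quarterly numbers attached.</p><img src="http://tracker.example/p.png">\r\n'
    b"--b1--\r\n"
)
```

A non-empty `blocked_urls` list shows which outbound requests full HTML rendering would have made for that message.
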
Open issue: Just how serious and widespread a threat does Efail represent to
corporate and individual email users? Let us
know your comments and subscribe today! Lawrence, Cyber Security Defender
(https://cybersecuritydefender.blogspot.com)